Microsoft Switzerland Security Blog

Security information brought to you by the Swiss Security Team.

November, 2005

  • Microsoft Security Advisory: Macromedia Flash Player Vulnerabilities

    Microsoft released a Security Advisory on recent security vulnerabilities in Macromedia Flash Player, a third-party software application that was also redistributed with Microsoft Windows XP Service Pack 1, Windows XP Service Pack 2, Windows 98, Windows 98 SE, and Windows Millennium Edition. The Microsoft Security Response Center is in communication with Macromedia and is aware that Macromedia has made updates that are available on their Web site.

    http://www.microsoft.com/technet/security/advisory/910550.mspx

    Microsoft Security Advisory (910550)
    Macromedia Security Bulletin: MPSB05-07 Flash Player 7 Improper Memory Access Vulnerability

    Urs


  • First backdoor (bot) uses Sony DRM software to hide

    Breplibot.b is a backdoor with bot capabilities. It connects to several IRC servers and waits for commands from the backdoor author. The backdoor tries to utilize Sony DRM software for hiding its process, file and registry keys. An AV vendor discusses this in even more detail. Sony BMG will temporarily suspend the manufacture of copy-protected CDs and re-examine its digital-rights management strategy, the media giant said on Friday.

    http://www.f-secure.com/v-descs/breplibot_b.shtml
    http://www.securityfocus.com/brief/45?ref=rss

    Urs

  • When do we see the first automated IM worm?

    Basically there are two attack vectors that have not yet been exploited heavily: Mobile Devices and Instant Messaging. There are some articles that expect that a fully automated IM worm is pretty likely.

    One example for this is: http://www.eweek.com/article2/0,1759,1880026,00.asp?kc=EWRSS03129TX1K0000614

    Scary.... Are you ready? There are, by the way, anti-virus solutions tackling IM as well: http://www.microsoft.com/windowsserversystem/solutions/security/sybari.mspx :-)

    Roger

  • Practical Guide to Alternative Data Streams in NTFS

    Alternative Data Stream support was added to NTFS (Windows NT, Windows 2000 and Windows XP) to help support the Macintosh Hierarchical File System (HFS), which uses resource forks to store icons and other information for a file. While this is the intended use (as well as a few Windows internal functions), there are other uses for Alternative Data Streams that should concern system administrators and security professionals. Using Alternative Data Streams a user can easily hide files that can go undetected unless closely inspected. This tutorial will give basic information on how to manipulate and detect Alternative Data Streams.

    http://www.irongeek.com/i.php?page=security/altds

    The bad thing about this is that most scan engines and removal tools will fail to detect malware "protected" in alternate streams.

    Urs
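    An added example of the detection side (not code from the post or from the linked tutorial): a Python script that enumerates every NTFS stream of a file through the Win32 FindFirstStreamW/FindNextStreamW API, which I assume to be available (Windows Server 2003/Vista or later, not the NT/2000/XP versions the tutorial covers), and reports the named $DATA streams, because those are exactly what a scanner that only opens the main file never reads. The stream-name parsing and filtering are platform independent; the sample stream list in the usage note is constructed.

```python
import ctypes
import sys

STREAM_NAME_LEN = 296  # MAX_PATH + 36: cStreamName size in WIN32_FIND_STREAM_DATA
INVALID_HANDLE_VALUE = ctypes.c_void_p(-1).value

class StreamData(ctypes.Structure):  # mirror of WIN32_FIND_STREAM_DATA
    _fields_ = [("StreamSize", ctypes.c_longlong),
                ("cStreamName", ctypes.c_wchar * STREAM_NAME_LEN)]

def parse_stream_name(raw):
    """Split a raw NTFS stream name ':name:$TYPE' into (name, type).
    '::$DATA' (empty name) is the ordinary content every tool reads;
    a named $DATA stream such as ':hidden.exe:$DATA' is an alternate stream."""
    parts = raw.split(":")
    if len(parts) != 3 or parts[0] != "" or not parts[2].startswith("$"):
        raise ValueError("unexpected stream name %r" % raw)
    return parts[1], parts[2]

def alternate_streams(entries):
    """Named $DATA streams from [(raw_name, size)] pairs: the data that a plain
    dir listing and a scanner which only opens 'file' both miss."""
    parsed = [(parse_stream_name(raw), size) for raw, size in entries]
    return [(name, size) for (name, kind), size in parsed if kind == "$DATA" and name]

def list_streams(path):
    """Enumerate every stream of `path` as [(raw_name, size)] (Windows only)."""
    if sys.platform != "win32":
        raise OSError("NTFS stream enumeration needs the Win32 API")
    k32 = ctypes.windll.kernel32
    k32.FindFirstStreamW.restype = ctypes.c_void_p
    k32.FindFirstStreamW.argtypes = [ctypes.c_wchar_p, ctypes.c_uint,
                                     ctypes.POINTER(StreamData), ctypes.c_uint]
    k32.FindNextStreamW.argtypes = [ctypes.c_void_p, ctypes.POINTER(StreamData)]
    k32.FindClose.argtypes = [ctypes.c_void_p]
    data = StreamData()
    handle = k32.FindFirstStreamW(path, 0, ctypes.byref(data), 0)  # 0 = FindStreamInfoStandard
    if handle == INVALID_HANDLE_VALUE:
        raise ctypes.WinError()
    entries = []
    try:
        while True:  # FindNextStreamW returns 0 (ERROR_HANDLE_EOF) after the last stream
            entries.append((data.cStreamName, data.StreamSize))
            if not k32.FindNextStreamW(handle, ctypes.byref(data)):
                break
    finally:
        k32.FindClose(handle)
    return entries
```

    On a Windows box, `alternate_streams(list_streams(r"C:\test\file.txt"))` returns e.g. `[('hidden.exe', 12288)]` for a file carrying a hidden stream (constructed value); feeding the raw names into `parse_stream_name` also works on the output of other enumeration tools.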

  • Exchange Server 2003 Common Criteria Certification

    Microsoft is deeply committed to optimizing the security of its products and services. As part of that commitment, Microsoft strongly supports the Common Criteria certification program, a commitment that is directly reflected in its successful effort to design Exchange Server 2003 to meet and exceed the security requirements specified for commercially available systems. The efforts by Microsoft are rooted in the conviction that the Common Criteria evaluation and certification system creates a reliable, internationally recognized way for consumers to evaluate and gain confidence in the security of IT products. By defining clear, robust security standards and establishing an independent security evaluation process, the Common Criteria promote the benefits and efficiencies that secure computing environments can provide to individuals, businesses, and governments.

    https://www.microsoft.com/technet/prodtechnol/exchange/2003/e2k3cc.mspx

    Urs


  • Hidden Administrator Accounts with No Passwords on Sony Vaio?

    If this article is actually true, then the Sony setup creates, under certain circumstances, a hidden Administrator account with an empty password. You had better check your installation if you have such a notebook. You find more information at: http://archives.neohapsis.com/archives/bugtraq/2005-11/0101.html

    Roger

  • VoIP Security Whitepaper

    Nothing extremely urgent but extremely interesting: the BSI (Bundesamt für Sicherheit in der Informationstechnik, Germany) published a study about VoIP security: http://downloads.bsi-fuer-buerger.de/literat/studien/VoIP/voipsec.pdf (I apologize - in German only). It is about 11MB and 146 pages but interesting to read.

    Roger

  • ET could hack the Internet

    It is time for some weird messages: a top scientist warns of a possible hack by aliens: http://www.scmagazine.com/us/news/article/529846/et-hack-internet/

    Therefore: do not open e-mails from unknown extraterrestrials.

    Roger

  • The dark side of the force: Rootkits to enforce DRM!

    Some DRM systems have started to use rootkit technology. Rootkits are normally associated with malware, but in this case a rootkit is used to enforce the copy control policies of audio CDs! DRM software restricts the user's ability to make copies of a record and for that reason uses technology that prevents removal and modification of the software. Sony BMG is currently using a rootkit-based DRM system on some CD records sold in the USA. It looks as if this system has been in use since March 2005. Some test purchases of Sony BMG records from Amazon.com confirmed that they contained this technology!

    http://www.f-secure.com/weblog/#00000691

    http://news.com.com/Sony+CD+protection+sparks+security+concerns/2100-7355_3-5926657.html?part=rss&tag=5926657&subj=news

    Not a good way to go in my opinion! And there are some rumors of malware already, looking to "re-use" that technology!

    Urs


  • Security goes "Live"

    You probably saw our recent announcements about Windows Live and Office Live. As part of Windows Live there is the Windows Live Safety Center. Check out the Beta at http://safety.live.com. It's cool stuff.

    Just to make it clear: it is an online scanner - no real-time protection - and may run in parallel with your AV software.

    Roger

  • Microsoft Goes Outside For Phishing Help

    Microsoft on Thursday announced it would pull data on phishing sites from three new partners in an attempt to boost the effectiveness of its anti-fraud technology. The three firms, New York-based Cyota, Tacoma, Wash.-based Internet Identity, and San Francisco-based MarkMonitor, will provide data to Microsoft on phishing threats and confirmed phishing Web sites. The new data will be used in the current Phishing Filter, a free add-on to Microsoft's MSN Search Toolbar, and in the anti-phishing tools integrated within Internet Explorer 7 for Windows Vista and Windows XP SP2. IE 7 is still in beta testing on both platforms.

    http://www.securitypipeline.com/news/174300989

    The anti-phishing filter can be downloaded at: http://addins.msn.com/phishingfilter/

    Urs


  • Announcing Windows Defender!

    From the product team directly:

    Every week seems like a big week for us in the engineering team working on our anti-malware technology. However, last week was especially important in a sentimental way. We got the final name for the cool technology our team has been developing for Windows. The name, after long consideration by our product marketing and branding folks, is "Windows Defender"! What's really cool about this name is that it’s more positive than "Windows AntiSpyware". Windows Defender is about what Windows will do for customers, defending them from spyware and other unwanted software. Our solution has really been about more than just the standard definition of "spyware". We’ve always said we will provide visibility and control, as well as protection, detection and removal from other potentially unwanted software, including rootkits, keystroke loggers and more.

    Making the engineering change from "Windows AntiSpyware" to "Windows Defender" took a lot of careful coordination across our team to ensure that the strings in the UI got changed, the help files all got updated, registry keys, file names and properties, as well as a couple of images all got changed. All this work was completed and tested last Thursday, and is currently making its way through our build systems in Windows to make it into the main build environment, where official builds come from. We're pretty excited by the name, and by the sleek new UI and other improvements we've been making in it to help make Windows Vista the best operating system around! But Windows Defender is about a lot more than just a name change. The engine is now moved to a system service, and signatures are delivered over Windows Update. The detection mechanisms have also been radically improved by applying to spyware threats all the great detection technology we use in our antivirus engine.

    As part of this engineering milestone, we've also started to prime the Windows Update software distribution channels with signatures for Windows Defender. This is important so the signatures are available when we ship the next beta. So, for enterprise and corporate customers that are using Windows Server Update Services, you will start seeing "Windows Defender" in the product category dialog as well as a new classification called "Definition Updates". So, now you'll know what that means.

    In addition to the work that my team's been doing to develop this for Windows Vista over the past many months, it will also be available to existing Windows XP users, replacing the current Windows AntiSpyware technology we've been shipping in beta since January. More details on that in a future post. If you're not using our current Windows AntiSpyware beta, please give that a try!

    I hope you like the name, and we can't wait to get Windows Defender into your hands to try. If you have any thoughts about the name, I'd be happy to read your feedback and share it with our team. Hopefully in the next few days I can even get a screenshot posted for you!

    RSS: http://blogs.technet.com/antimalware/rss.aspx

    Urs

  • Sony's DRM to be removed by Microsoft Anti-Spyware

    We have been asked frequently whether our Anti-Spyware solution will detect and remove the Sony DRM rootkit. To make it short: yes, we will. You will find the corresponding blog entry by Jason Grams at: http://blogs.technet.com/antimalware/archive/2005/11/12/414299.aspx

    Roger